pidfs: validate extensible ioctls

[ Upstream commit 3c17001b21b9f168c957ced9384abe969019b609 ]

Validate extensible ioctls stricter than we do now.

Reviewed-by: Aleksa Sarai <cyphar@cyphar.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/pidfs.c b/fs/pidfs.c
index 108e7527f837fd0e46e862d8479356018a9a7c04..2c9c7636253af0c5596014cc2ebcd7e678e981fc 100644 (file)
--- a/fs/pidfs.c
+++ b/fs/pidfs.c
@@ -440,7 +440,7 @@ static bool pidfs_ioctl_valid(unsigned int cmd)
                 * erronously mistook the file descriptor for a pidfd.
                 * This is not perfect but will catch most cases.
                 */
-               return (_IOC_TYPE(cmd) == _IOC_TYPE(PIDFD_GET_INFO));
+               return extensible_ioctl_valid(cmd, PIDFD_GET_INFO, PIDFD_INFO_SIZE_VER0);
        }
 
        return false;

diff --git a/include/linux/fs.h b/include/linux/fs.h
index 74f2bfc519263c6411a8e3427e1bd6680a1121db..ed027152610369b538217014bfe6f787cdbd7c7d 100644 (file)
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -4025,4 +4025,18 @@ static inline bool vfs_empty_path(int dfd, const char __user *path)
 
 int generic_atomic_write_valid(struct kiocb *iocb, struct iov_iter *iter);
 
+static inline bool extensible_ioctl_valid(unsigned int cmd_a,
+                                         unsigned int cmd_b, size_t min_size)
+{
+       if (_IOC_DIR(cmd_a) != _IOC_DIR(cmd_b))
+               return false;
+       if (_IOC_TYPE(cmd_a) != _IOC_TYPE(cmd_b))
+               return false;
+       if (_IOC_NR(cmd_a) != _IOC_NR(cmd_b))
+               return false;
+       if (_IOC_SIZE(cmd_a) < min_size)
+               return false;
+       return true;
+}
+
 #endif /* _LINUX_FS_H */